Sensitive information handling on a collaboration system

ABSTRACT

On a document collaboration system, such as a wiki, the content of postings to the collaboration system is monitored for sensitive information. Under some embodiments, when instances of such sensitive information are detected, an e-mail is sent to the user that posted the collaboration page posting. In other embodiments, a message is then sent to a person associated with the entity that indicates that the information placed on the collaboration page is confidential information or is related to an asset of the entity. In further embodiments, individual people are assigned responsibility for monitoring the use of certain instances of sensitive information on the collaboration system. Each user is only notified when the instances they are responsible for appear on a collaboration page. In other embodiments, if a collaboration page includes an instance of sensitive information, access to the collaboration page is changed such that fewer people can access the collaboration page.

CROSS-REFERENCES TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.11/940,742, filed Nov. 15, 2007 now U.S. Pat. No. 8,151,200, the entirecontent of which is hereby incorporated by reference in thisapplication.

STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT

(NOT APPLICABLE)

BACKGROUND OF THE INVENTION

A collaboration application is an application that enables its users tomanipulate (add to, edit, etc.) a body of substantive content mostcommonly organized into a collection of informative collaborationdocuments that are made remotely accessible to the community of users,usually through a search interface.

One example of a collaboration application is a wiki application. A wikiapplication typically includes a dynamic collection of substantiveinformation organized in the format of a collection of article-type webpages hosted on a site maintained on a computer network. In most cases,a user of the wiki application is able to selectively retrieve anarticle through a query process that involves a user-submission of oneor more search terms that are compared to key words associated with thearticles. A typical article will contain hypertext links that can benavigated to other related sources of information including, but notnecessarily limited to, other articles within the content of the wikiapplication.

In general, users are allowed to make edits and additions to the contentof the wiki application. Most if not all pages include a link to editfunctionality. If a user desires to change the page, he or she simplynavigates the link (e.g., thereby causing the wiki application todisplay a corresponding editing screen). When the user is finishedediting, they issue a submit command (e.g., by pressing a submit button)thereby publishing the changes to the content of the wiki application.In general, users are allowed to edit the work of other authors (incontrast to a web log, where changes to material as originally postedare generally not allowed).

Users of a wiki application are also typically allowed to add new pagesto the body of content. A new page can be linked by the page creator orby other users to existing pages. The creator and/or other users canedit the content of a new page. Thus, the content of a wiki applicationgrows and adapts as the result of the collective editing and authorshipefforts of the wiki application's community of users.

Some collaboration applications are publicly oriented. One example ofthis is the Wikipedia system, which is an Internet-based encyclopediaproject operated by the Wikimedia Foundation, a non-profit organization(see www.wikipedia.com). Other collaboration applications are not opento the general public. For example, some companies operate a wikiapplication, for example, to create an internal knowledge base.

Because a large number of people make changes to a collaborativedocument, problems can arise if a user adds offensive content to thedocument. Some collaborative document systems have filters that preventthe posting of content that includes offensive words. Other systemsprovide a report to an administrator to indicate any document postingsthat have included an offensive term.

The discussion above is merely provided for general backgroundinformation and is not intended to be used as an aid in determining thescope of the claimed subject matter.

BRIEF SUMMARY OF THE INVENTION

On a document collaboration system, such as a wiki, the content ofpostings to the collaboration system is monitored for sensitiveinformation. Under some embodiments, when such sensitive information isdetected, an e-mail is sent to the user that posted the collaborationpage posting. This e-mail warns the user about the use of theinformation on the collaboration page. In other embodiments,collaboration page postings are searched for information that an entitywishes to keep confidential or that represents an asset of the entity. Amessage is then sent to a person associated with the entity thatindicates that the information placed on the collaboration page isconfidential information or is related to an asset of the entity.

In further embodiments, individual people are assigned responsibilityfor monitoring the use of certain instances of sensitive information onthe collaboration system. Thus, one user may be assigned one word whileanother user will be assigned a different word. Each user is onlynotified when the instances of sensitive information they areresponsible for appear on a collaboration page, thereby allowingefficient monitoring and consistent responses to uses of certainsensitive information on the collaboration pages.

In other embodiments, an indication that a collaboration page has beenchanged is received and the change to the collaboration page is searchedto determine if it includes sensitive information in a list of sensitiveinformation. If a collaboration page includes an instance of sensitiveinformation, access to the collaboration page is changed such that fewerpeople can access the collaboration page.

This Summary is provided to introduce a selection of concepts in asimplified form that are further described below in the DetailedDescription. This Summary is not intended to identify key features oressential features of the claimed subject matter, nor is it intended tobe used as an aid in determining the scope of the claimed subjectmatter. The claimed subject matter is not limited to implementationsthat solve any or all disadvantages noted in the background.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram of a client server environment forcollaboration systems under one embodiment.

FIG. 2 is a block diagram of a collaboration system showing elementsused in handling sensitive information under one embodiment.

FIG. 3 is a flow diagram of a method of detecting and taking actionbased on sensitive information in a posting under one embodiment.

FIG. 4 is a flow diagram of one action that may be taken after detectingsensitive information under one embodiment.

FIG. 5 is a flow diagram of another action that may be taken upondetecting sensitive information under one embodiment.

FIG. 6 is a flow diagram of a method for establishing administrators andspecialists under one embodiment.

FIG. 7 is a flow diagram of an action that can be taken to informcertain users when an instance of sensitive information is found in acollaboration document under one embodiment.

FIG. 8 is a block diagram of an example computing device.

DETAILED DESCRIPTION OF THE INVENTION

On a document collaboration system, such as a wiki or knowledgemanagement system, embodiments described below track the content ofpostings to determine if the postings include sensitive information.Such postings can include new collaboration pages or revisions toexisting collaboration pages. Under some embodiments, when suchsensitive information is detected, an e-mail is sent to the user thatposted the collaboration page posting. This e-mail warns the user aboutthe use of the information on the collaboration page. By sending themessage in a separate e-mail, the embodiments described below have moreimpact on a user than just sending a message within the collaborationapplication because such e-mails are perceived as being part of a largernotification framework that is likely to involve an administrator orsupervisor. As such, users are typically better motivated by an e-mailmessage to correct the posting to remove the sensitive information thanif the user was simply warned within the collaboration application.

In other embodiments, collaboration page postings are searched forinformation that an entity wishes to keep confidential or thatrepresents an asset of the entity. A message is then sent to a personassociated with the entity that indicates that the information placed onthe collaboration page is confidential information or is related to anasset of the entity. Providing messages that a collaboration pageposting includes confidential information allows action to be taken toprevent the unwanted disclosure of confidential information.

In further embodiments, individual people are assigned responsibilityfor keeping particular instances of sensitive information from appearingon collaboration pages on a collaboration system or for ensuring thatthe instances of sensitive information are used properly on thecollaboration pages. Thus, one user may be assigned a word or phraseassociated with a first confidential project while another user will beassigned a different word or phrase assigned with a second confidentialproject. Each user is only notified when the instances of sensitiveinformation they are responsible for appear on a collaboration page,thereby allowing efficient monitoring and consistent responses to usesof certain instances of sensitive information on the collaborationpages.

In other embodiments, an indication that a collaboration page has beenchanged is received and the change to the collaboration page is searchedto determine if it includes an instance of sensitive information in alist of sensitive information. If a collaboration page includes aninstance of sensitive information, access to the collaboration page ischanged such that fewer people can access the collaboration page. Thishelps to reduce access to collaboration pages that have confidential orproprietary information stored on them while still allowing some accessto the collaboration pages.

FIG. 1 is a schematic diagram of a collaboration application environment100. Environment 100 is but one example of an environment in whichembodiments disclosed herein may be implemented. Environment 100 is notintended to suggest any limitation as to scope of use or functionality.Neither should environment 100 be interpreted as having any dependencyor requirement relating to any one or combination of illustratedcomponents.

Within environment 100, a plurality of users 102, 104, 106 and 108 areshown as interacting with a plurality of corresponding client computingdevices 110, 112, 114 and 116. An illustrative four users and clientdevices are shown in environment 100 but an actual implementation isjust as likely to include more or fewer. Each client computing deviceinteracts across a network 118 with a web server 122. Network 118 can bepublic in nature (e.g., the Internet, etc.) or more internally focused(e.g., a corporate LAN, a private WAN, etc.).

Web server 122 controls access to and communication with a collaborationapplication 125, which has associated databases 126. Examples ofcollaboration application 125 include a wiki application and a knowledgemanagement application, under some embodiments. Web server 122 maycomprise a single computing device or multiple computing devices andportions of collaboration application 125 and or databases 126 may bestored on a single computing device or may be distributed across severalcomputing devices. The illustrated scenario is but an exampleconfiguration. Together, collaboration application 125 and databases 126form a collaboration system, such as a wiki or a knowledge managementsystem.

In one embodiment, web server 122 is a computing device responsible forserving web pages (e.g., HTML documents) via the HTTP protocol to clientdevices 110, 112, 114 and 116. Collaboration application 125 generatesweb pages passed by web server 122 based on content stored forcollaboration pages 128, for example content stored for wiki pages, orknowledge management documents, in databases 126. Each of devices 110,112, 114 and 116 includes a client application 124 (e.g., a web browserapplication) that is able to parse the web pages provided by web server122 and to display the parsed documents. Client application 124 is alsoable to collect textual input from the user and to send that input tocollaboration application 125 through web server 122. In addition,client application 124 is able to interpret certain actions by the useras requests to follow links embedded in the web pages and based on suchrequests is able to request further pages from collaboration application124 through web server 122. It should be noted that though the referencenumeral 124 has been assigned to represent the client application on allof client devices, in actuality, different client devices could operatedifferent client device applications. The consolidation of the referencenumeral is solely for the purpose of simplifying the diagram.

In one embodiment, not by limitation, collaboration application 125 isimplemented as a server-side script that runs on web server 122, withthe content generally stored in database 126, which illustrativelyincludes a relational database management system. In another embodiment,however, a server file system associated with web server 122 can be usedfor data management also or instead.

Accordingly, in one embodiment, web server 122, collaborationapplication 125 and database 126 together enable each of users 102, 104,106 and 108 to utilize client applications 124 to read, edit and writetheir own contributions to one or more collaboration documents 128. Theusers are illustratively able to include links to other pages in the setof collaboration pages 128, external links to the Internet or anIntranet and incorporate other content in the form of text, images,audio, video, etc. The collaboration application 125 manages thecollaboration processes, including the publication of the collaborationpages 128, storage of revision information including the identity of theauthor who revised content, the date and time the revision was made, andthe revisions that were made. The collaboration application 125 alsoincludes the ability to call external applications when certain eventsoccur as noted further below.

FIG. 2 provides a block diagram of elements used to detect and react tosensitive words added to a collaboration page. FIG. 3 provides a flowdiagram for detecting and reacting to such sensitive words.

In step 300 of FIG. 3, a revision poster (user) 200 indicates that theywish to save a posting to a collaboration document using collaborationapplication 125. (In FIG. 2, network 118, client application 124, andclient devices 110, 112, 114 and 116 are not shown for simplicity butshould be understood to be present to provide communication betweenrevision poster 200 and collaboration application 125.) Collaborationapplication 125 stores the collaboration document on collaborationpage's database 126 at step 302. After saving the collaborationdocument, collaboration application 125 examines an extensions list 208that lists external applications that are to be called during a saveoperation. Under one embodiment, extensions list 208 is a text documentthat is altered by an administrator of the collaboration system.Extension list 208 identifies detection filter application 210 as anapplication to be invoked upon saving a change to a collaborationdocument. Based on its inclusion in extension list 208, detection filterapplication 210 is invoked by collaboration application 125. As part ofinvoking detection filter 210, collaboration application 125 passes thecollaboration page ID that identifies the collaboration document thathas been revised as well as the author ID that identifies revisionposter 200. The collaboration page ID and author ID are shown asparameters 212 in FIG. 2.

At step 304, detection filter application 210 retrieves a sensitiveinformation and action database 214. Sensitive information and actiondatabase 214 includes a list of instances of information that areconsidered sensitive for the collaboration documents. Sensitiveinformation can include offensive words and phrases, words and phrasesthat are considered confidential to an entity, words and phrases thatare considered proprietary to an entity, and words and phrases that areassociated with an asset of an entity, for example. Such assets caninclude trade secrets, trademarks, patents, development projects,products under development, joint ventures, investments, customers, andfinancial information, for example. Other examples of sensitiveinformation include project identifiers, locations, names, financialinformation, charts, filenames and important dates, for example. Theembodiments described herein may be practiced for any instance ofsensitive information such as a word, phrase, project identifier,location, employee name, financial information, chart, filename orimportant date, for example.

Sensitive information and action database 214 also includes one or moreactions for each instance of sensitive information where each actionrepresents a function that is to be performed if the instance ofsensitive information is detected in a collaboration document. Eachlisted action can include a function name and parameters that are to bepassed to the function to perform the action. Under one embodiment, thesensitive information and actions listed in sensitive information andaction database 214 are set by an administrator 222. In otherembodiments, any user with authority to modify a collaboration page orpost a new collaboration page may add an instance of sensitiveinformation and action to sensitive information and action database 214.

At step 306, detection filter application 210 requests the content ofthe revised collaboration document from collaboration application 125.Under one embodiment, detection filter application 210 performs thisrequest by invoking a robot 216. Robot 216 uses the collaboration pageID and the author ID received by detection filter application 210 andapplication programming interfaces 218 in collaboration application 125to request the content of the revised collaboration document. Examplesof APIs 218 include APIs used to query collaboration pages databases 126for the posting and APIs for parsing the text of the posting.

At step 308, detection filter application 210 searches the content ofthe last posting for any instances of sensitive information in sensitiveinformation and action database 214. If an instance of sensitiveinformation from sensitive information and action database 214 is foundin the content of a posting, the instance of sensitive information andits associated actions are loaded into a found information and actionsarray 220 at step 310. At step 312, detection filter application 210invokes applications on an action application server 230 to take theactions in actions array 220. Examples of such actions are discussedbelow in connection with FIGS. 4-7. For example, such actions caninclude sending an e-mail message to the revision poster, changing asecurity access level for the collaboration document, and sending amessage to a user, referred to as a specialist, responsible for thesensitive information. Although the action applications are shown on aseparate action application server 230 in FIG. 2, in other embodimentsthe action applications may be stored on web server 122 or may each bestored on separate servers.

At step 314, detection filter application 210 sends a message to anadministrator 222 listing the instances of sensitive information thatwere found, the actions that have been taken, the identity of therevision poster, and the collaboration page ID. Under one embodiment,this message is sent using an e-mail application 224. In otherembodiments, a different message application 226 may be used to send themessage to administrator 222. The message application 226 may be aninstant messaging application or a report application that generates amarkup language page indicating which instances of sensitive informationhave been found and the actions that have been taken. In general,administrator 222 is responsible for maintaining the collaborationsystem and insuring that the collaboration documents in collaborationpages databases 126 meet the standards set for such collaborationdocuments.

FIG. 4 provides a flow diagram of one action that may be taken when aninstance of sensitive information is found in a collaboration documentposting. At step 400 of FIG. 4, the user ID of revision poster 200,which is passed by collaboration application 125 to detection filterapplication 210, is used by detection filter application 210 to retrievean e-mail address for revision poster 200. Under some embodiments,collaboration application 125 maintains a list of e-mail addresses foreach user authorized to post documents or revisions to collaborationapplication 125. In such embodiments, detection filter application 210uses robot 216 to request the e-mail address of the revision poster fromcollaboration application 125. In other embodiments, detection filterapplication 210 access a database that is separate from collaborationapplication 125 to determine the e-mail address of revision poster 200based on the user ID of revision poster 200. For example, detectionfilter application 210 may access a network database that associates alocal area network ID (LAN ID) for revision poster 200 with an e-mailaddress for revision poster 200.

At step 402, detection filter application 210 places the detectedsensitive information in e-mail text explaining concerns about theinformation and suggesting removal of the information from the page ordifferent usage of the information, for example. At step 404, detectionfilter application 210 sends the e-mail text and the e-mail address ofthe revision poster to an e-mail application such as e-mail application224 on action application servers 230. E-mail application 224 thendelivers the e-mail to revision poster 200 at step 406.

The action of sending an e-mail to revision poster 200 to indicate thattheir post contains sensitive information and explaining concerns aboutthe information provides a heightened response to the inclusion ofsensitive information in a collaboration document. In particular, manyusers perceive the reception of an e-mail outside of the collaborationapplication as an indication that the sensitive information hastriggered a larger response than if a simple warning is provided by thecollaboration application itself. In addition, many users perceive thesending of an e-mail as an indication that others at an entity have beeninformed that the revision poster posted a collaboration document thatincluded sensitive information. This helps to entice the revision poster200 to remove the sensitive information from their posting or to correctthe usage of the sensitive information in the posting as quickly aspossible.

FIG. 5 provides a flow diagram of a second action that may be taken whenan instance of sensitive information is detected in a collaborationdocument posting. At step 500, detection filter application 210 invokesan access restriction application 232 on action application servers 230.Although access restriction application 232 is shown as being separatefrom web server 122 in FIG. 2, in other embodiments, access restrictionapplication 232 may be stored on web server 122. In further embodiments,access restriction application 232 may be incorporated within detectionfilter application 210. At step 502, access restriction application 232reads the security level required to access the collaboration page thathas been revised. Under one embodiment, access restriction application232 reads the security level using APIs 218 of collaboration application125 to request the security level. At step 504, access restrictionapplication 232 compares the security level of the collaboration page tothe security level required for the sensitive information. Under someembodiments, the security level for the sensitive information is storedas a parameter of the action in sensitive information and actiondatabase 214 and is passed to action restriction application 232 bydetection filter application 210.

At step 506, access restriction application 232 increases the securitylevel of the collaboration page to reduce access to the collaborationpage if the security of the collaboration page is below the securitylevel required for the sensitive information. Under some embodiments,access restriction application 232 increases the security level of thecollaboration page by calling APIs 218 of collaboration application 125to set a new security level for the collaboration page in collaborationpages database 126. This new security level is such that fewer users canaccess the collaboration page but at least one user is still able toaccess the collaboration page.

By increasing the security level of the collaboration page to reduceaccess to the collaboration page, this embodiment reduces access to thesensitive information thereby helping to preserve the confidentiality orproprietary nature of the sensitive information while at the same timeallowing some users access to the collaboration page so that thecollaboration page can be further modified, if desired, to either removethe sensitive information, or to alter the text referring to thesensitive information so that it meets standards set for the sensitiveinformation. Once such corrections are made, the security level of thecollaboration page can be returned to its previous level so that moreusers may access the collaboration page. Note that changing the securitylevel of the collaboration page is less severe than simply deleting thecollaboration page posting. Changing the security level allows thecontent of the posting to be maintained so that all of the workassociated with the posting is not lost simply because the postingincluded an instance of sensitive information.

In further embodiments, an instance specialist 240 is notified when aparticular instance of sensitive information appears in a collaborationpage. As shown in the flow diagram of FIG. 6, in such embodiments, anadministrator such as administrator 222 is assigned to be responsiblefor all collaboration pages on the collaboration system at step 600. Instep 602, a plurality of users are set as specialists who are assignedresponsibility for monitoring use of respective instances of sensitiveinformation such that each specialist is responsible for a different setof instances. For example, one instance specialist may be associatedwith sensitive words associated with a first business project while asecond specialist would be associated with sensitive words associatedwith a second business project. By assigning particular instances toparticular instance specialists while also maintaining an administratorwho has responsibility for all collaboration pages, this embodimentlightens the work load for the administrator 222 and provides moreconsistent responses to the use of sensitive information since theinstance specialist 240 will develop an expertise for handling the useof their assigned instances of sensitive information in collaborationpages.

When instance specialists are used, one possible action that can betaken is shown in the flow diagram of FIG. 7. In FIG. 7, a specialistwho is responsible for monitoring the use of an instance of sensitiveinformation is identified at step 700. Under one embodiment, theinstance specialist is identified using a parameter stored in thesensitive information and action database 214 for the action, forexample. After identifying the specialist, detection filter application210 sends a message to the specialist identifying the instance ofsensitive information, the collaboration page, and the identity of therevision poster at step 702. The message may be sent using e-mailapplication 224 to send an e-mail to instance specialist 240 or themessage may be sent using message application 226. Message application226 may include applications that form instant messages as well asapplications that create reports that are then sent to the instancespecialist 240 or stored in a file that instance specialist 240 canaccess.

The methods and components discussed above may be implemented usingcomputing devices that execute computers executable instructions thatare stored or encoded on computer-readable media. For example, webserver 122, action application server(s) 230 and client devices 110,112, 114 and 116 represent computing devices that executecomputer-executable instructions representing collaboration application125, API's 218, diction filter application 210, robot 216, accessrestriction application 232, e-mail application 224, message application226 and client application 124.

An example of a computing device that can be used as a server or clientdevice is shown in the block diagram of FIG. 8. The computing device 10of FIG. 8 includes a processing unit 12, a system memory 14 and a systembus 16 that couples the system memory 14 to the processing unit 12.System memory 14 includes read only memory (ROM) 18 and random accessmemory (ROM) 20. A basic input/output system 22 (BIOS)/containing thebasic routines that help to transfer information between elements withinthe personal computer 10, is stored in ROM 18.

Embodiments of the present invention can be applied in the context ofcomputer systems other than personal computer 10. Other appropriatecomputer systems include handheld devices, multi-processor systems,various consumer electronic devices, mainframe computers, and the like.Those skilled in the art will also appreciate that embodiments can alsobe applied within computer systems wherein tasks are performed by remoteprocessing devices that are linked through a communications network(e.g., communication utilizing Internet or web-based software systems).For example, program modules may be located in either local or remotememory storage devices or simultaneously in both local and remote memorystorage devices. Similarly, any storage of data associated withembodiments of the present invention may be accomplished utilizingeither local or remote storage devices, or simultaneously utilizing bothlocal and remote storage devices.

Computer 10 further includes a hard disc drive 24, an external memorydevice 28, and an optical disc drive 30. External memory device 28 caninclude an external disc drive or solid state memory that may beattached to computer 10 through an interface such as Universal SerialBus interface 34, which is connected to system bus 16. Optical discdrive 30 can illustratively be utilized for reading data from (orwriting data to) optical media, such as a CD-ROM disc 32. Hard discdrive 24 and optical disc drive 30 are connected to the system bus 16 bya hard disc drive interface 32 and an optical disc drive interface 36,respectively. The drives and external memory devices and theirassociated computer-readable media provide nonvolatile storage for thepersonal computer 10 on which computer-executable instructions andcomputer-readable data structures may be stored. Other types of mediathat are readable by a computer may also be used in the exemplaryoperation environment.

A number of program modules may be stored in the drives and RAM 20,including an operating system 38, one or more application programs 40,other program modules 42 and program data 44. In particular, applicationprograms 40 can include any of the applications, robots or applicationinterfaces discussed above and program data 44 may include data storedin any of the databases or lists discussed above.

Input devices including a keyboard 63 and a mouse 65 are connected tosystem bus 16 through an Input/Output interface 46 that is coupled tosystem bus 16. Monitor 48 is connected to the system bus 16 through avideo adapter 50 and provides graphical images to users. Otherperipheral output devices (e.g., speakers or printers) could also beincluded but have not been illustrated.

The personal computer 10 may operate in a network environment utilizingconnections to one or more remote computers, such as a remote computer52. The remote computer 52 may be a server, a router, a peer device, orother common network node. Remote computer 52 may include many or all ofthe features and elements described in relation to personal computer 10,although only a memory storage device 54 has been illustrated in FIG. 8.The network connections depicted in FIG. 8 include a local area network(LAN) 56 and a wide area network (WAN) 58. Such network environments arecommonplace in the art.

The personal computer 10 is connected to the LAN 56 through a networkinterface 60. The personal computer 10 is also connected to WAN 58 andincludes a modem 62 for establishing communications over the WAN 58. Themodem 62, which may be internal or external, is connected to the systembus 16 via the I/O interface 46.

In a networked environment, program modules depicted relative to thepersonal computer 10, or portions thereof, may be stored in the remotememory storage device 54. For example, application programs may bestored utilizing memory storage device 54. In addition, data associatedwith an application program, such as data stored in the databases orlists described above, may illustratively be stored within memorystorage device 54. It will be appreciated that the network connectionsshown in FIG. 8 are exemplary and other means for establishing acommunications link between the computers, such as a wireless interfacecommunications link, may be used.

Although the subject matter has been described in language specific tostructural features and/or methodological acts, it is to be understoodthat the subject matter defined in the appended claims is notnecessarily limited to the specific features or acts described above.Rather, the specific features and acts described above are disclosed asexample forms of implementing the claims.

While the invention has been described in connection with what ispresently considered to be the most practical and preferred embodiments,it is to be understood that the invention is not to be limited to thedisclosed embodiments, but on the contrary, is intended to cover variousmodifications and equivalent arrangements included within the spirit andscope of the appended claims.

The invention claimed is:
 1. A method of administering a collaborationapplication using computers connected via a network, the methodcomprising: receiving an instruction via one of the computers to save acollaboration page posting from a revision poster; determining byexecuting a computer operation that the posting contains a word orphrase from a list of words or phrases relating to sensitiveinformation, the sensitive information including offensive words orphrases, words or phrases that are considered confidential, words orphrases that are considered proprietary, or words or phrases that areassociated with an asset; retrieving an e-mail address of the revisionposter; generating an e-mail to the revision poster that notifies therevision poster that the posting contains the word and that explainsconcerns about the posting; sending the e-mail to the revision postervia the network; and setting an access parameter to reduce access to thecollaboration page based on the word appearing in the posting byincreasing a security level required for accessing the collaborationpage such that fewer people can access the collaboration page after ithas been changed than before it was changed based on the word or phrasebeing contained in the collaboration page.
 2. The method of claim 1wherein sending an e-mail comprises notifying the revision poster thatthe word relates to sensitive information of an entity.
 3. The method ofclaim 1 wherein sending an e-mail comprises suggesting to the revisionposter that the posting should be removed from the collaboration page.4. The method of claim 1 wherein words may be added to the list of wordsby any user that can modify the collaboration page.
 5. A method ofadministering a knowledge management system using computers connectedvia a network, the method comprising: assigning a first userresponsibility for monitoring use of sensitive information on knowledgemanagement documents on a knowledge management system for a firstproject, the sensitive information including offensive words or phrases,words or phrases that are considered confidential, words or phrases thatare considered proprietary, or words or phrases that are associated withan asset; assigning a second user responsibility for monitoring use ofsensitive information on the knowledge management documents on theknowledge management system for a second project, the sensitiveinformation of the second project being different from the sensitiveinformation of the first project; and the knowledge management systemnotifying the first user but not the second user via the network if thesensitive information for the first project appears on a knowledgemanagement document on the knowledge management document system.
 6. Themethod of claim 5 further comprising notifying an administrator who isresponsible for all knowledge management documents on the knowledgemanagement system if the sensitive information for the first projectappears on a knowledge management document on the knowledge managementsystem and notifying the administrator if the sensitive information forthe second project appears on a knowledge management document on theknowledge management system.
 7. The method of claim 6 further comprisingnotifying an author of a knowledge management document if the sensitiveinformation for the first project appears in content produced by theauthor.
 8. The method of claim 5 further comprising adjusting access toa knowledge management document if the sensitive information for thefirst project appears in the knowledge management document.
 9. Themethod of claim 8 wherein adjusting access to a knowledge managementdocument comprises changing a security level required to access theknowledge management document.
 10. A non-transitory computer-readablestorage medium having computer-executable instructions encoded thereonthat when executed on a computer perform steps comprising: receiving anindication that a collaboration page has been changed; determining thatthe collaboration page contains a word or phrase in a list of sensitivewords or phrases, the sensitive words or phrases including offensivewords or phrases, words or phrases that are considered confidential,words or phrases that are considered proprietary, or words or phrasesthat are associated with an asset; and changing access to thecollaboration page by increasing a security level required for accessingthe collaboration page such that fewer people can access thecollaboration page after it has been changed than before it was changedbased on the word or phrase being contained in the collaboration page,at least one person being able to access the collaboration page afteraccess to the collaboration page is changed.
 11. The computer-readablestorage medium of claim 10 further comprising notifying a personassociated with the word or phrase that the collaboration page containsthe word or phrase.
 12. The computer-readable storage medium of claim 11further comprising sending an e-mail message to a person who added theword or phrase to the collaboration page to notify the person that thecollaboration page contains a sensitive word or phrase.